package com.songtech.shiro;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

@Configuration
public class ShiroConfig {

	@Bean(name="shiroFilter")
	public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager manager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        bean.setLoginUrl("/login");
        //前后端分离时由前端路由控制
        //bean.setSuccessUrl("/index");
        //filterMap.put("login",loginFilter());
        Map<String, Filter> filterMap = new HashMap<String, Filter>();
        bean.setFilters(filterMap);
        
        //配置访问权限
        LinkedHashMap<String,String> filterChainMap = new LinkedHashMap<String,String>();
        filterChainMap.put("/login","anon");
        filterChainMap.put("/logout","anon");
        filterChainMap.put("/asserts/resource/**", "anon");
        filterChainMap.put("/**", "anon");
      
        bean.setFilterChainDefinitionMap(filterChainMap);
        return bean;
    }
	
	
	
	
//	@Bean  
//    public SessionManager sessionManager() {  
//        SessionManager mySessionManager = new SessionManager();  
//        return mySessionManager;  
//    }
	
	
	@Bean(name="securityManager")
    public DefaultWebSecurityManager securityManager(AuthRealm authRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        return manager;
    }
	
	/**
	 * 自定义登录认证
	 * @return
	 */
    @Bean(name="authRealm")
    public AuthRealm authRealm() {
    	AuthRealm realm = new AuthRealm();
    	realm.setCredentialsMatcher(hashedCredentialsMatcher());
        return realm;
    }
	
    
    /**
     * 密码加密校验
     * @return
     */
    @Bean(name="credentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
       HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();

       //散列算法:这里使用MD5算法;
       hashedCredentialsMatcher.setHashAlgorithmName("md5");
       //散列的次数，比如散列两次，相当于 md5(md5(""));
       hashedCredentialsMatcher.setHashIterations(1);
       //storedCredentialsHexEncoded默认是true，此时用的是密码加密用的是Hex编码；false时用Base64编码
       hashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);

       return hashedCredentialsMatcher;
    }
    
	@Bean(name="lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){
        return new LifecycleBeanPostProcessor();
    }
	
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
    
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager manager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }
}
